Notes:
To take advantage of GitHub SAML functionality, you must be in GitHub's Enterprise Cloud plan.
For more information about GitHub and SAML SSO, see About authentication with SAML single sign-on.
The Okta/GitHub Enterprise Cloud - Organization SAML integration currently supports the following features:
For more information on the listed features, visit the Okta Glossary.
Log in to GitHub Enterprise Cloud - Organization as the administrator of the GitHub organization for which you want to enable SAML.
If you are not already on the desired GitHub organization’s homepage, select the GitHub organization from the Switch dashboard context drop-down menu:
On the next screen, select Edit [GitHub Organization Name] settings:
Your organization settings will appear. Select Security, then in the SAML single sign-on section, do the following (see screenshot at end of step for reference):
Check the Enable SAML authentication box.
Sign on URL: Copy and paste the following:
Sign in to the Okta Admin Dashboard to generate this variable.
Issuer: Copy and paste the following:
Sign in to the Okta Admin Dashboard to generate this variable.
Public Certificate: Copy and paste the following in PEM text format:
Sign in to the Okta Admin Dashboard to generate this variable.
Click Save.
Done!
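A pre-save check for the three values entered above, as an added example that is not part of the original page or of Okta's or GitHub's tooling: it confirms that the Sign on URL is an absolute https URL, the Issuer is non-empty, and the Public Certificate is exactly one well-formed PEM block, and it returns the certificate's SHA-256 fingerprint so it can be compared with the copy held by the IdP. The function names and all sample values are constructed for illustration.

```python
import base64
import hashlib
import re
from urllib.parse import urlparse

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----\s+(.+?)\s+-----END CERTIFICATE-----", re.S)

def cert_fingerprint(pem_text):
    """SHA-256 fingerprint of the single certificate in pem_text."""
    blocks = PEM_RE.findall(pem_text)
    if len(blocks) != 1:
        raise ValueError(f"expected one CERTIFICATE block, found {len(blocks)}")
    # validate=True rejects stray characters from a bad copy and paste.
    der = base64.b64decode("".join(blocks[0].split()), validate=True)
    if der[:1] != b"\x30":  # a certificate is a DER SEQUENCE (tag 0x30)
        raise ValueError("decoded data is not a DER SEQUENCE")
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def check_saml_settings(sign_on_url, issuer, pem_text):
    """Return a list of problems; an empty list means the values look sane."""
    problems = []
    url = urlparse(sign_on_url)
    if url.scheme != "https" or not url.netloc:
        problems.append("Sign on URL: not an absolute https:// URL")
    if not issuer.strip():
        problems.append("Issuer: empty")
    for name, value in (("Sign on URL", sign_on_url), ("Issuer", issuer)):
        if value != value.strip():
            problems.append(f"{name}: leading or trailing whitespace")
    try:
        cert_fingerprint(pem_text)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        problems.append(f"Public Certificate: {exc}")
    return problems

# Constructed sample values, not a real IdP or a real certificate.
SAMPLE_DER = b"\x30\x82\x00\x40" + bytes(range(64))
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(SAMPLE_DER).decode()
              + "-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    print(check_saml_settings("https://idp.example.com/sso/saml",
                              "http://idp.example.com/issuer", SAMPLE_PEM))
    print(cert_fingerprint(SAMPLE_PEM))
```

The check only establishes that the pasted text is structurally a single DER-encoded block; it does not parse the certificate's validity dates or subject.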
Make sure that you entered the correct value in the GitHub Organization field under the General tab. Using the wrong value will prevent you from authenticating via SAML to GitHub Enterprise Cloud - Organization.
GitHub uses SAML to protect a GitHub organization’s resources.
When a user uses IdP-initiated SAML to log in to their GitHub organization for the first time, they are asked to enter their username and password manually. Once their session cookie is stored on their computer, they won’t need to enter their credentials again.
GitHub uses JIT provisioning to assign GitHub accounts to GitHub organizations. After clicking on the GitHub app in Okta, users are taken to a page where they can either sign in with an existing GitHub account or create a new one. The account used to sign in, or the newly created account, is automatically provisioned to the corresponding GitHub organization and is allowed to access its resources.
Go to https://github.com/orgs/[YourGithubOrgName]/sso.